Azure Template DSC Never Starts

In this post, I’ll explain how I figured out a problem where I couldn’t get the Azure Resource Manager (ARM) JSON template DSC extension to execute. The problem below might explain why your DSC extension never appears to start, assuming that you have uploaded your DSC pack (zip file) to an accessible Internet location, and enter the URL and module names correctly in your template.

In my scenario, I wanted to deploy a domain controller as a VM on a virtual network. Normally, when you do this you would configure the DNS settings of the VNet to point at the desired static IP of the DC. For example, you’d create a NIC for the DC, set that NIC to have a static IP (10.0.0.4 for example), and then edit the settings of the VNet to be the IP address of the DC’s NIC. In am ARM template, the resource dependencies would order that process as below:

I configured my ARM template as above and everything was deploying … or so it appeared. The DSC extension appeared in the Portal and had a status of Created. However, when I used PowerShell to query things, I found it still had a status of Creating, and when I logged into the DC VM I found that nothing had happened. I don’t know how many hours I spent trying to figure out what I had done wrong. My emphasis on DNS above should give you a clue.

The virtual network has been configured to use the VM is it’s own DNS server, but the VM is still not a DNS server because the DSC extension hasn’t added the roles or done the DCPROMO. So when I tried to download the DSC pack (zip file) from the Internet, it wasn’t downloading. In fact, I couldn’t resolve any DNS names. I went looking at some of the sample ARM templates that do a DCPROMO and noticed a trend. They did the following using nested templates:

What changed? A nested template is used to deploy the virtual network using the default Azure DNS addresses (no configuration required). Now the new DC VM can access Internet resources via DNS names – and the DSC pack can be downloaded from the Internet and applied – adding the roles and executing the DCPROMO to make the machine a domain controller. The final step is to fix up the virtual network – so another nested template is executed to modify the VNet’s DNS settings to use the static IP address of the DC.

Did you Find This Post Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in London on July 5-6, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Archives

About this Blog

This blog serves 2 purposes. Firstly, I want to share information with other IT pros about the technologies we work with and how to solve problems we often face. I've worked with technologies from the desktop to the server, Active Directory, System Center, security and virtualisation.

Secondly, I use my blog as a notebook. There's so much to learn and remember in our jobs that it's impossible to keep up. By blogging, I have a notebook that I can access from anywhere. It has saved my proverbial many times in the past.

Waiver

Anything you do to your IT infrastructure, applications, services, computer or anything else is 100% down to your own responsibility and liability. Aidan Finn bears no responsibility or liability for anything you do. Please independently confirm anything you read on this blog before doing whatever you decide to do.